
As the title says it, I'm a common problem at the moment. Here's the situation. I picked up a trojan, looking for a UFC fight on a contaminated site (never been on that site before). And since then, I got rid of 1 virus, 3 trojans and about 240+ spywares.

Now I have tried using AVG, AVAST, Bit Defender, Spy Bot, Adaware 2008, Smitfraudfix, Vundo, and a few more that I forget now.

I have cleaned up a good portion of the contamination, however, I think Virtumonde has made its way in my registry. I feel comfortable deleting some entries there, but I don't want to miss any. So, now I turn to you for help.

Symptoms were at the beginning, Antivirus XP 2008. Big desktop icon (click anywhere, you brought up the icon) pop ups advertising their product....... I believe, going through suggestions on some forums, that those symptoms are gone completely. But Spy Bot and Adaware are still picking up Virtumonde. And they are not deleting it.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!). The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial. It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

Whatever happens, make believe it was intended to ...
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
Stand Up & Be Counted --> <-- And make a difference

Now the only issue I have is that I do not have a Windows XP CD, and I believe the last time my computer was formatted, the person that did it didn't have a legit key. Which I plan on rectifying in the next couple of months. It's affecting my business and day to day transactions that I can't get updates and format as I used to do every couple of months. I read in the combo fix that I need a legit copy to run it. For now, I can't do it.

I do believe however, according to this log, that the problems are fixed.

You can use the WinXp SP2 file, found at the bottom of this page: http://support.microsoft.com/kb/310994 to install the Recovery Console by dragging it on ComboFix.exe. (Just verify you download the correct version, Home or Pro)

Greetings,
Thunder

Open Notepad - don't use any other text editor than Notepad or the script will fail!

Copy/paste the bold, blue text below into an empty Notepad window:

http://www.bleepingcomputer.com/forums/t/160461/virtumonde-for-sure-maybe-more-trojans-too/
Collect::
[9]
E:\WINDOWS\system32\yyykuewq.exe
Folder::
E:\VundoFix Backups

Save this as txt file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh HijackThis log.

When CF finishes running, the ComboFix log will open along with a message box -- do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems?

Greetings,
Thunder

You can remove all used tools and folders created in the process.

To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

And that's about it.

Greetings,
Thunder

I know I'm going to contribute to the other threads as much as I know what they are talking about (O/S and a few more topics) This has by far been the best use out of a forum that I have seen yet!!!!!!!!!!!!!!!11

Please read this Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Since this issue appears resolved ... this Topic is closed. If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.